Proxmox and Talos Node Provisioning
Relevant source files
- .taskfiles/Flux/Taskfile.yaml
- .taskfiles/bootstrap/Taskfile.yaml
- infrastructure/terraform/proxmox/README.md
- infrastructure/terraform/proxmox/providers.tf
- infrastructure/terraform/proxmox/talos/config.tf
- infrastructure/terraform/proxmox/talos/image.tf
- infrastructure/terraform/proxmox/talos/image/schematic.yaml
- infrastructure/terraform/proxmox/talos/machine-config/common.yaml.tftpl
- infrastructure/terraform/proxmox/talos/machine-config/control-plane.yaml.tftpl
- infrastructure/terraform/proxmox/talos/machine-config/worker.yaml.tftpl
- infrastructure/terraform/proxmox/talos/providers.tf
- infrastructure/terraform/proxmox/talos/variables.tf
- infrastructure/terraform/proxmox/talos/virtual-machines.tf
- infrastructure/terraform/proxmox/talos_cluster.auto.tfvars
- infrastructure/terraform/proxmox/talos_image.auto.tfvars
- infrastructure/terraform/proxmox/talos_nodes.auto.tfvars
- infrastructure/terraform/proxmox/variables.tf
- infrastructure/terraform/s3/backblaze/providers.tf
- kubernetes/apps/network/envoy-gateway/app/envoy.yaml
- kubernetes/apps/network/envoy-gateway/app/helmrelease.yaml
- kubernetes/apps/network/envoy-gateway/app/kustomization.yaml
- kubernetes/apps/network/envoy-gateway/app/scaledobject.yaml
- kubernetes/apps/system-upgrade/kustomization.yaml
- kubernetes/apps/system-upgrade/tuppr/app/helmrelease.yaml
- kubernetes/apps/system-upgrade/tuppr/app/kustomization.yaml
- kubernetes/apps/system-upgrade/tuppr/app/ocirepository.yaml
- kubernetes/apps/system-upgrade/tuppr/ks.yaml
- kubernetes/apps/system-upgrade/tuppr/upgrades/kubernetesupgrade.yaml
- kubernetes/apps/system-upgrade/tuppr/upgrades/kustomization.yaml
- kubernetes/apps/system-upgrade/tuppr/upgrades/talosupgrade.yaml
- kubernetes/apps/system-upgrade/versions.env
- scripts/bootstrap-cluster.sh
- scripts/render-machine-config.sh
This page details the automated provisioning of the home-ops infrastructure layer, focusing on the lifecycle of Talos Linux nodes running on a Proxmox hypervisor. The process integrates Terraform for hardware virtualization, Jinja2/OpenTofu templating for immutable OS configuration, and the TUPPR controller for rolling cluster upgrades.
Infrastructure Lifecycle Overview
The provisioning workflow follows a “Virtualization-as-Code” pattern where the Proxmox hypervisor is treated as a target for the bpg/proxmox Terraform provider.
Provisioning Data Flow
The following diagram illustrates the relationship between configuration files and the resulting infrastructure entities.
Diagram: Configuration to Provisioning Mapping
[Flowchart Diagram]
Sources: infrastructure/terraform/proxmox/talos/virtual-machines.tf (lines 1-149), infrastructure/terraform/proxmox/talos/machine-config/common.yaml.tftpl (lines 1-159), infrastructure/terraform/proxmox/talos_cluster.auto.tfvars (lines 1-31)
Proxmox VM Provisioning
VMs are managed using the bpg/proxmox provider (infrastructure/terraform/proxmox/providers.tf, lines 23-26). The configuration uses the `q35` machine type and `virtio-scsi-single` SCSI hardware for optimal performance (infrastructure/terraform/proxmox/talos/virtual-machines.tf, lines 12-14).
Hardware and iGPU Passthrough
For workloads requiring hardware acceleration (e.g., Plex/Jellyfin), Intel iGPU passthrough is configured at the VM level.
- Host PCI Mapping: The `hostpci` block maps the physical device `0000:00:02.0` to the VM (infrastructure/terraform/proxmox/talos/virtual-machines.tf, lines 122-148).
- Kernel Modules: Talos is configured to load the `i915` and `nbd` modules via the machine configuration (infrastructure/terraform/proxmox/talos/machine-config/common.yaml.tftpl, lines 2-5).
Storage and Network
- Disks: Primary disks are provisioned using the `disk` dynamic block, referencing Talos images downloaded directly to Proxmox storage (infrastructure/terraform/proxmox/talos/virtual-machines.tf, lines 63-92).
- Networking: Configured via `network_device` blocks with support for specific MAC addresses and VLAN tags (infrastructure/terraform/proxmox/talos/virtual-machines.tf, lines 53-60).
Sources: infrastructure/terraform/proxmox/talos/virtual-machines.tf (lines 1-150), infrastructure/terraform/proxmox/talos/machine-config/common.yaml.tftpl (lines 1-87)
Talos Machine Configuration
Talos Linux is configured through immutable YAML files generated from Terraform templates (.tftpl). These templates allow for dynamic injection of variables such as IP addresses, disk paths, and Kubernetes versions.
Configuration Components
| Component | File Path | Description |
|---|---|---|
| Common | common.yaml.tftpl | Shared sysctls, kernel modules, and kubelet feature gates (infrastructure/terraform/proxmox/talos/machine-config/common.yaml.tftpl, lines 1-159) |
| Control Plane | control-plane.yaml.tftpl | VIP configuration, etcd settings, and API server manifests (infrastructure/terraform/proxmox/talos/machine-config/control-plane.yaml.tftpl, lines 1-40) |
| Worker | worker.yaml.tftpl | Worker-specific node labels and hardware passthrough settings |
Key System Optimizations
The common.yaml.tftpl includes several high-performance sysctl tunings for 10Gb/s networking and PostgreSQL workloads:
- Networking: `net.core.rmem_max` and `net.core.wmem_max` are set to `67108864` to support high-throughput QUIC/Cloudflared traffic (infrastructure/terraform/proxmox/talos/machine-config/common.yaml.tftpl, lines 69-70).
- Storage: NFS mount options are optimized with `nconnect=8` and `nfsvers=4.2` (infrastructure/terraform/proxmox/talos/machine-config/common.yaml.tftpl, lines 53-57).
- Database: `vm.nr_hugepages` is set to `1024` for PostgreSQL performance (infrastructure/terraform/proxmox/talos/machine-config/common.yaml.tftpl, line 83).
Sources: infrastructure/terraform/proxmox/talos/machine-config/common.yaml.tftpl (lines 1-83), infrastructure/terraform/proxmox/talos/machine-config/control-plane.yaml.tftpl (lines 1-40)
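Because these values live in a template, a drift in a variable or a merge mistake silently changes what a node boots with. The following pre-apply lint is an added example (not code from the home-ops repository) that checks a rendered machine config for the kernel modules, sysctls and NFS mount options listed above and in the iGPU passthrough section; it takes the dict that `yaml.safe_load()` returns for the rendered YAML, and the sample config embedded below is constructed here, not copied from the repo's templates.

```python
"""Pre-apply lint for a rendered Talos machine config (added example, not repo code).
`cfg` is the dict yaml.safe_load() returns for the rendered YAML; the expected
values are the ones documented for common.yaml.tftpl."""

EXPECTED_MODULES = {"i915", "nbd"}
EXPECTED_SYSCTLS = {
    "net.core.rmem_max": "67108864",
    "net.core.wmem_max": "67108864",
    "vm.nr_hugepages": "1024",
}
EXPECTED_NFS_OPTS = {"nconnect=8", "nfsvers=4.2"}


def nfs_options(cfg):
    """Option lines of /etc/nfsmount.conf written via machine.files, or an empty set."""
    for entry in cfg.get("machine", {}).get("files", []):
        if entry.get("path") == "/etc/nfsmount.conf":
            return {ln.strip() for ln in entry.get("content", "").splitlines() if "=" in ln}
    return set()


def check_machine_config(cfg):
    """Return findings as strings; an empty list means the config matches expectations."""
    machine = cfg.get("machine", {})
    findings = []
    loaded = {m.get("name") for m in machine.get("kernel", {}).get("modules", [])}
    for mod in sorted(EXPECTED_MODULES - loaded):
        findings.append(f"kernel module {mod} not loaded")
    sysctls = machine.get("sysctls", {})
    for key, want in EXPECTED_SYSCTLS.items():
        got = sysctls.get(key)
        if str(got) != want:  # YAML may load the value as int or str
            findings.append(f"sysctl {key}={got!r}, expected {want}")
    for opt in sorted(EXPECTED_NFS_OPTS - nfs_options(cfg)):
        findings.append(f"NFS mount option {opt} missing")
    return findings


# Constructed sample with two regressions: nbd dropped, wmem_max back at a kernel default.
SAMPLE = {"machine": {
    "kernel": {"modules": [{"name": "i915"}]},
    "sysctls": {"net.core.rmem_max": "67108864",
                "net.core.wmem_max": "212992",
                "vm.nr_hugepages": 1024},
    "files": [{"op": "overwrite", "path": "/etc/nfsmount.conf", "permissions": 0o644,
               "content": "[ NFSMount_Global_Options ]\nnfsvers=4.2\nnconnect=8\n"}],
}}
```

Running `check_machine_config(SAMPLE)` reports the missing `nbd` module and the wrong `net.core.wmem_max`; wiring it into the render step lets a bad template fail the pipeline instead of reaching `talosctl apply-config`.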
Talos Image Factory and Bootstrap
The cluster uses custom Talos images generated via the Talos Image Factory. The specific image schematic (drivers, extensions) is defined in schematic.yaml.
Bootstrap Process
The scripts/bootstrap-cluster.sh script handles the initial transition from bare VMs to a functional cluster:
- Apply Config: Renders machine configurations and applies them via `talosctl apply-config --insecure` (scripts/bootstrap-cluster.sh, lines 10-62).
- Bootstrap: Initiates the etcd cluster on a designated controller node (scripts/bootstrap-cluster.sh, lines 65-80).
- Kubeconfig: Fetches the admin credentials once the API server is up (scripts/bootstrap-cluster.sh, lines 83-95).
- Resource Handover: Applies CRDs and initial Helm releases via `helmfile` before Flux takes over (scripts/bootstrap-cluster.sh, lines 115-172).
Sources: scripts/bootstrap-cluster.sh (lines 1-198), infrastructure/terraform/proxmox/talos/virtual-machines.tf (lines 86-91)
Rolling Upgrades with TUPPR
Cluster maintenance is automated using TUPPR (Talos/Kubernetes Upgrade PR), which manages rolling upgrades for both the Talos OS and the Kubernetes components.
Upgrade Orchestration
TUPPR utilizes custom resources to define upgrade targets and health check policies.
Diagram: TUPPR Upgrade Logic
[Flowchart Diagram]
Configuration Entities
- TalosUpgrade: Defined in `talosupgrade.yaml`, specifying the target version (e.g., `v1.13.0`) and health checks to ensure VolSync is not currently synchronizing data during a reboot (kubernetes/apps/system-upgrade/tuppr/upgrades/talosupgrade.yaml, lines 1-21).
- Versions Source: The `versions.env` file acts as the single source of truth for `KUBERNETES_VERSION` and `TALOS_VERSION`, monitored by Renovate (kubernetes/apps/system-upgrade/versions.env, lines 1-5).
Sources: kubernetes/apps/system-upgrade/tuppr/upgrades/talosupgrade.yaml (lines 1-21), kubernetes/apps/system-upgrade/versions.env (lines 1-5), kubernetes/apps/system-upgrade/tuppr/app/ocirepository.yaml (lines 1-14)